fix(kugetsu): update forked session permissions after detection

Previously we only fixed base session permissions before forking.
But permissions are NOT inherited from parent to child.

Now we update the newly created session's permissions immediately
after detection, ensuring the forked session can access external
directories like ~/.kugetsu/worktrees/.

skills/kugetsu/scripts/kugetsu

@@ -1319,6 +1319,17 @@ for row in cursor.fetchall():
         exit 1
     fi
 
+    echo "Updating permissions for new session: $new_session_id"
+    python3 -c "
+import sqlite3
+conn = sqlite3.connect('$opencode_db')
+cursor = conn.cursor()
+PERMISSION_JSON = '[{\"permission\":\"question\",\"pattern\":\"*\",\"action\":\"deny\"},{\"permission\":\"plan_enter\",\"pattern\":\"*\",\"action\":\"deny\"},{\"permission\":\"plan_exit\",\"pattern\":\"*\",\"action\":\"deny\"},{\"permission\":\"external_directory\",\"pattern\":\"*\",\"action\":\"allow\"}]'
+cursor.execute('UPDATE session SET permission = ? WHERE id = ?', (PERMISSION_JSON, '$new_session_id'))
+conn.commit()
+print('[OK] Session permissions updated')
+"
+
     if [ "$DEBUG_MODE" = true ]; then
         echo "[DEBUG] Forked session permissions check:"
         python3 -c "